Re: [gtk-vnc-devel] PATCH 2/2: API for gathering credentials



On Mon, Jul 09, 2007 at 09:04:11AM -0500, Anthony Liguori wrote:
> Daniel P. Berrange wrote:
> >--- a/examples/gvncviewer.c	Wed Jul 04 15:32:55 2007 -0400
> >+++ b/examples/gvncviewer.c	Thu Jul 05 13:48:15 2007 -0400
> >@@ -7,16 +7,83 @@
> > #include <netinet/tcp.h>
> > #include <arpa/inet.h>
> > 
> >+GtkWidget *window;
> >+
> >+void vnc_disconnect(GtkWidget *vnc)
> >+{
> >+	printf("VNC widget disconnected\n");
> >+	gtk_main_quit();
> >+}
> >+
> >+void vnc_initialized(GtkWidget *vnc)
> >+{
> >+	printf("VNC widget initialized\n");
> >+	gtk_widget_show_all(GTK_WIDGET(window));
> >+}
> >+
> >+void vnc_credential(GtkWidget *vnc, int cred)
> >+{
> >+	GtkWidget *dialog, *label, *entry, *box, *vbox;
> >+	const char *data, *title;
> >+	int response;
> >+
> >+	printf("Got credential request for %d\n", cred);
> >+	if (cred != VNC_DISPLAY_CREDENTIAL_PASSWORD &&
> >+	    cred != VNC_DISPLAY_CREDENTIAL_USERNAME) {
> >+		printf("Unsupported credential type\n");
> >+		vnc_display_close(VNC_DISPLAY(vnc));
> >+		return;
> >+	}
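Review bot: in vnc_credential, the unsupported-type branch reports through printf to stdout, the same stream as the "Got credential request" trace, so a refused authentication is easy to miss in the output. Send it to stderr and include the value, e.g. fprintf(stderr, "Unsupported credential type %d\n", cred). Closing the display in that branch is the right fail-closed behaviour and should stay. Separately, `window` and the three handlers could be declared static if nothing outside gvncviewer.c references them, and GTK_WIDGET(window) in vnc_initialized is a redundant cast because window is already a GtkWidget *.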
> 
> It's a little awkward that for user/pass authentication two separate 
> callbacks would be generated.  This makes implementing a single dialog 
> that asks for user/pass rather weird.  You'd have to keep track of which 
> creds were requested and once both were asked for, then pop up a dialog.

Well my thought is that a client will not know ahead of time whether a
server will want a certificate, a password, a username + password or
some other sort of information. So any app wouldn't want to build a
UI containing both a username + password in one form, since it is not
necessarily going to correspond to what they actually need to collect.
Instead they'd have a generic form with a label/text entry & just prompt
for each bit of auth data as it was requested in turn.

This kind of 'drip feeding' of auth credential requests is the way both PAM 
& SASL like to operate. From the UI pov, cf GDM login screen for X which
prompts for each auth data piece in turn, rather than its old style XDM
which had a fixed 'username + password' form.

> I think we should either pass a GSList here or have a higher level 
> credential like VNC_DISPLAY_CREDENTIAL_USER_PASS.

I'm not convinced we need either, but I'd have a preference for the former
keeping distinct credential types.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
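
Added example, not part of the original message or of the gtk-vnc code: a self-contained C sketch of the one-prompt-per-credential flow described in the reply above, where the client answers each request in turn with a generic prompt and closes on a type it does not support. The enum, `prompt_fn`, `on_credential`, `authenticate` and the canned prompt values are hypothetical names and data constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical credential kinds for this sketch (not the gtk-vnc enum). */
enum cred_type { CRED_USERNAME, CRED_PASSWORD, CRED_CLIENT_CERT };

/* Generic one-field prompt: fills out[] and returns 0, non-zero on cancel. */
typedef int (*prompt_fn)(const char *label, int echo, char *out, size_t len);

/* Constructed stand-in for a dialog, so the example runs without a UI. */
static int canned_prompt(const char *label, int echo, char *out, size_t len)
{
    (void)echo;
    snprintf(out, len, "%s", strcmp(label, "Username") == 0 ? "alice" : "s3cret");
    return 0;
}

/* Handle ONE credential request. Returns 0 on success, non-zero to close. */
static int on_credential(prompt_fn prompt, enum cred_type t, char *out, size_t len)
{
    switch (t) {
    case CRED_USERNAME: return prompt("Username", 1, out, len);
    case CRED_PASSWORD: return prompt("Password", 0, out, len);
    default:            return -1; /* unknown type: fail closed */
    }
}

/* Walk the server's requests in order; returns prompts answered, or -1. */
static int authenticate(prompt_fn prompt, const enum cred_type *wanted, size_t n)
{
    char buf[64];
    int shown = 0;
    for (size_t i = 0; i < n; i++) {
        int rc = on_credential(prompt, wanted[i], buf, sizeof buf);
        /* A real client would hand buf to the protocol layer here. */
        memset(buf, 0, sizeof buf); /* do not carry a secret into the next prompt */
        if (rc != 0)
            return -1;
        shown++;
    }
    return shown;
}

int main(void)
{
    const enum cred_type pw_only[] = { CRED_PASSWORD };
    const enum cred_type user_pw[] = { CRED_USERNAME, CRED_PASSWORD };
    const enum cred_type cert[]    = { CRED_USERNAME, CRED_CLIENT_CERT };
    printf("%d %d %d\n", authenticate(canned_prompt, pw_only, 1),
           authenticate(canned_prompt, user_pw, 2),
           authenticate(canned_prompt, cert, 2));
    return 0;
}
```

The same handler serves a password-only server and a username + password server without knowing in advance which one it is talking to.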



